CVE-2026-7669

MEDIUM NVD

CVSS Score 5.6

Severity MEDIUM

Published May 02, 2026

Vendor unknown

Description

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/submit/799263
https://vuldb.com/vuln/360817
https://vuldb.com/vuln/360817/cti